<html>
<head><meta charset="utf-8"><title>GitHub Permission Policy · wg-governance · Zulip Chat Archive</title></head>
<h2>Stream: <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/index.html">wg-governance</a></h2>
<h3>Topic: <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html">GitHub Permission Policy</a></h3>

<hr>

<base href="https://rust-lang.zulipchat.com">

<head><link href="https://rust-lang.github.io/zulip_archive/style.css" rel="stylesheet"></head>

<a name="188498860"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/188498860" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#188498860">(Feb 18 2020 at 22:41)</a>:</h4>
<p>Just completed a new draft of a GitHub permissions policy here <a href="https://github.com/rust-lang/wg-governance/issues/4" target="_blank" title="https://github.com/rust-lang/wg-governance/issues/4">https://github.com/rust-lang/wg-governance/issues/4</a>. Feedback is most welcome!</p>



<a name="188499061"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/188499061" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> XAMPPRocky <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#188499061">(Feb 18 2020 at 22:44)</a>:</h4>
<p><span class="user-mention" data-user-id="225192">@Nell Shamrell-Harrington</span> It might be good to keep it in our draft RFCs folder, so that we can keep it in version control. <span aria-label="slight smile" class="emoji emoji-1f642" role="img" title="slight smile">:slight_smile:</span> <a href="https://github.com/rust-lang/wg-governance/tree/master/draft-rfcs" target="_blank" title="https://github.com/rust-lang/wg-governance/tree/master/draft-rfcs">https://github.com/rust-lang/wg-governance/tree/master/draft-rfcs</a></p>



<a name="188499079"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/188499079" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> XAMPPRocky <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#188499079">(Feb 18 2020 at 22:44)</a>:</h4>
<p>You should have write permissions.</p>



<a name="188499205"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/188499205" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#188499205">(Feb 18 2020 at 22:46)</a>:</h4>
<p>an excellent idea!</p>



<a name="188499276"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/188499276" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#188499276">(Feb 18 2020 at 22:47)</a>:</h4>
<p>I think I will do that after this round of feedback - expand the outline I have now into a fully drafted RFC</p>



<a name="189523232"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/189523232" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#189523232">(Mar 02 2020 at 18:55)</a>:</h4>
<p>RFC has been formally submitted! <a href="https://github.com/rust-lang/rfcs/pull/2872" target="_blank" title="https://github.com/rust-lang/rfcs/pull/2872">https://github.com/rust-lang/rfcs/pull/2872</a></p>



<a name="193514367"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193514367" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193514367">(Apr 09 2020 at 21:56)</a>:</h4>
<p>I'm still working on landing this RFC, I've brought this comment <a href="https://github.com/rust-lang/rfcs/pull/2872#discussion_r400206110" title="https://github.com/rust-lang/rfcs/pull/2872#discussion_r400206110">https://github.com/rust-lang/rfcs/pull/2872#discussion_r400206110</a> to the attention of the Mozilla Security team - as they were the ones who originally recommended GitHub org admins have separate GitHub accounts.</p>



<a name="193514389"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193514389" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193514389">(Apr 09 2020 at 21:56)</a>:</h4>
<p>I'm not personally opposed to taking that section out of the RFC, though, depending on what Mozilla security says</p>



<a name="193554316"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193554316" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193554316">(Apr 10 2020 at 09:54)</a>:</h4>
<p>Ugh, what a pain.</p>



<a name="193554338"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193554338" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193554338">(Apr 10 2020 at 09:54)</a>:</h4>
<p>It seems clear that this is not the kind of behavior those ToS are trying to prevent</p>



<a name="193554343"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193554343" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> nikomatsakis <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193554343">(Apr 10 2020 at 09:54)</a>:</h4>
<p>but .. they say what they say</p>



<a name="193594486"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193594486" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Val Grimm <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193594486">(Apr 10 2020 at 17:23)</a>:</h4>
<p>Would this be something worth taking up with GitHub?</p>



<a name="193594709"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193594709" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193594709">(Apr 10 2020 at 17:25)</a>:</h4>
<p>I wonder if they can "grant" us a few "paid" accounts for free?</p>



<a name="193594856"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193594856" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Val Grimm <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193594856">(Apr 10 2020 at 17:26)</a>:</h4>
<p>Well, before that . . . it's a question of dialogue about the why . . .</p>



<a name="193595288"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193595288" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193595288">(Apr 10 2020 at 17:30)</a>:</h4>
<p>I think once Mozilla Security team explains their rationale, it would indeed be a good idea to discuss w/ GitHub.</p>



<a name="193599308"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193599308" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> XAMPPRocky <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193599308">(Apr 10 2020 at 18:05)</a>:</h4>
<p>Well I believe the motivation is a separate account ensures that you cannot cause catastrophic damage. This could be through a security breach on your end (stolen devices or information) or on a service provider's end (such as admin-capable API tokens being leaked). I do have a slight preference for separate accounts not from a security standpoint but an organization perspective. I've found that permissions are better when admins have to use the same permission structure as regular users for most of their work, because it makes any flaws or annoyances apparent to the people who can change it.</p>



<a name="193599780"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193599780" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Val Grimm <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193599780">(Apr 10 2020 at 18:09)</a>:</h4>
<p>And these are all good reasons to bring up the topic with GitHub. This isn't a Rust-specific problem. So, what would the next steps be?</p>



<a name="193620825"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193620825" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193620825">(Apr 10 2020 at 21:40)</a>:</h4>
<p>If they haven't already done so, someone from Mozilla security is going to respond on the RFC</p>



<a name="193620881"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193620881" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193620881">(Apr 10 2020 at 21:40)</a>:</h4>
<p><span class="user-mention" data-user-id="121055">@Pietro Albini</span> and I have a standing meeting every other week with GitHub for Infra issues - so we could bring this up then</p>



<a name="193620955"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193620955" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Pietro Albini <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193620955">(Apr 10 2020 at 21:40)</a>:</h4>
<p><span class="user-mention" data-user-id="225192">@Nell Shamrell-Harrington</span> want to add it to our agenda and bring it up yourself during the call?</p>



<a name="193620975"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193620975" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193620975">(Apr 10 2020 at 21:41)</a>:</h4>
<p>can do!</p>



<a name="193622291"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/193622291" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#193622291">(Apr 10 2020 at 21:54)</a>:</h4>
<p>I am 99.99% certain that GitHub is going to say us having multiple accounts is fine for admins. Looks like Mozilla security has also responded explaining why they feel this is necessary.</p>



<a name="194347919"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/194347919" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#194347919">(Apr 16 2020 at 18:30)</a>:</h4>
<p>Got an answer from GitHub <a href="https://github.com/rust-lang/rfcs/pull/2872#discussion_r409760310" title="https://github.com/rust-lang/rfcs/pull/2872#discussion_r409760310">https://github.com/rust-lang/rfcs/pull/2872#discussion_r409760310</a></p>



<a name="194351316"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/194351316" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#194351316">(Apr 16 2020 at 18:56)</a>:</h4>
<p>Was your conversation in writing somehow? It would be nice to have a paper trail just so we have something to point to in case anyone (from within GitHub or not) raises this as an issue.</p>



<a name="194352351"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/194352351" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#194352351">(Apr 16 2020 at 19:03)</a>:</h4>
<p>It was not, unfortunately, and I don't know that we will be able to get that.</p>



<a name="194352471"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/194352471" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> BatmanAoD (Kyle Strand) <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#194352471">(Apr 16 2020 at 19:04)</a>:</h4>
<p>Okay.</p>



<a name="194502561"></a>
<h4><a href="https://rust-lang.zulipchat.com#narrow/stream/223182-wg-governance/topic/GitHub%20Permission%20Policy/near/194502561" class="zl"><img src="https://rust-lang.github.io/zulip_archive/assets/img/zulip.svg" alt="view this post on Zulip" style="width:20px;height:20px;"></a> Nell Shamrell-Harrington <a href="https://rust-lang.github.io/zulip_archive/stream/223182-wg-governance/topic/GitHub.20Permission.20Policy.html#194502561">(Apr 17 2020 at 21:32)</a>:</h4>
<p>I think this is finally ready to move forward <a href="https://github.com/rust-lang/rfcs/pull/2872" title="https://github.com/rust-lang/rfcs/pull/2872">https://github.com/rust-lang/rfcs/pull/2872</a></p>



<hr><p>Last updated: Aug 07 2021 at 22:04 UTC</p>
</html>